diff --git a/sbom.json b/sbom.json index d2e02eeb71..7daf0f8070 100644 --- a/sbom.json +++ b/sbom.json @@ -1,159 +1,202 @@ { - "bomFormat": "CycloneDX", - "specVersion": "1.5", - "serialNumber": "urn:uuid:f91a87bf-a37f-4c1e-805f-142f60b2c960", - "version": 1, - "metadata": { - "timestamp": "2025-11-20T21:30:34Z", - "tools": { - "components": [ + "components": [ + { + "bom-ref": "dnspython==2.8.0", + "description": "DNS toolkit", + "externalReferences": [ { - "group": "@cyclonedx", - "name": "cdxgen", - "version": "11.11.0", - "purl": "pkg:npm/%40cyclonedx/cdxgen@11.11.0", - "type": "application", - "bom-ref": "pkg:npm/@cyclonedx/cdxgen@11.11.0", - "author": "OWASP Foundation", - "publisher": "OWASP Foundation" - } - ] - }, - "authors": [ - { - "name": "OWASP Foundation" - } - ], - "lifecycles": [ - { - "phase": "build" - } - ], - "component": { - "name": "pymongo", - "description": "PyMongo - the Official MongoDB Python driver", - "authors": [ + "comment": "from packaging metadata Project-URL: documentation", + "type": "documentation", + "url": "https://dnspython.readthedocs.io/en/stable/" + }, { - "name": "The MongoDB Python Team" - } - ], - "tags": [ - "bson", - "gridfs", - "mongo", - "mongodb", - "pymongo" - ], - "properties": [ + "comment": "from packaging metadata Project-URL: issues", + "type": "issue-tracker", + "url": "https://github.com/rthalley/dnspython/issues" + }, { - "name": "cdx:pypi:requiresPython", - "value": ">=3.9" + "comment": "from packaging metadata Project-URL: repository", + "type": "vcs", + "url": "https://github.com/rthalley/dnspython.git" }, { - "name": "SrcFile", - "value": "/home/runner/work/mongo-python-driver/mongo-python-driver/pyproject.toml" + "comment": "from packaging metadata Project-URL: homepage", + "type": "website", + "url": "https://www.dnspython.org" } ], - "type": "application", - "bom-ref": "pkg:pypi/pymongo@latest", - "purl": "pkg:pypi/pymongo@latest", - "version": "latest", "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://opensource.org/licenses/Apache-2.0" + "id": "ISC" } } - ] + ], + "name": "dnspython", + "purl": "pkg:pypi/dnspython@2.8.0", + "type": "library", + "version": "2.8.0" }, - "properties": [ - { - "name": "cdx:bom:componentTypes", - "value": "pypi" - }, - { - "name": "cdx:bom:componentSrcFiles", - "value": "pyproject.toml" - } - ] - }, - "components": [ { - "group": "", - "name": "pymongo", - "version": "latest", - "purl": "pkg:pypi/pymongo@latest", - "type": "library", - "bom-ref": "pkg:pypi/pymongo@latest", - "properties": [ + "bom-ref": "pymongo==4.16.0.dev0", + "description": "PyMongo - the Official MongoDB Python driver", + "externalReferences": [ + { + "comment": "PackageSource: Local", + "type": "distribution", + "url": "file:///home/runner/work/mongo-python-driver/mongo-python-driver" + }, + { + "comment": "from packaging metadata Project-URL: Documentation", + "type": "documentation", + "url": "https://www.mongodb.com/docs/languages/python/pymongo-driver/current/" + }, { - "name": "SrcFile", - "value": "pyproject.toml" + "comment": "from packaging metadata Project-URL: Tracker", + "type": "issue-tracker", + "url": "https://jira.mongodb.org/projects/PYTHON/issues" + }, + { + "comment": "from packaging metadata Project-URL: Source", + "type": "other", + "url": "https://github.com/mongodb/mongo-python-driver" + }, + { + "comment": "from packaging metadata Project-URL: Homepage", + "type": "website", + "url": "https://www.mongodb.org" } ], - "evidence": { - "identity": { - "field": "purl", - "confidence": 1, - "methods": [ - { - "technique": "instrumentation", - "confidence": 1, - "value": "/home/runner/work/mongo-python-driver/mongo-python-driver/.venv" - } - ] - } - } - }, - { - "author": "Bob Halley ", - "group": "", - "name": "dnspython", - "version": "2.8.0", - "description": "DNS toolkit", "licenses": [ { "license": { - "id": "ISC", - "url": "https://opensource.org/licenses/ISC" + "id": "Apache-2.0" } } ], - "purl": "pkg:pypi/dnspython@2.8.0", + "name": "pymongo", "type": "library", - "bom-ref": "pkg:pypi/dnspython@2.8.0", - "properties": [ - { - "name": "SrcFile", - "value": "pyproject.toml" - } - ], - "evidence": { - "identity": { - "field": "purl", - "confidence": 1, - "methods": [ - { - "technique": "instrumentation", - "confidence": 1, - "value": "/home/runner/work/mongo-python-driver/mongo-python-driver/.venv" - } - ] - } - } + "version": "4.16.0.dev0", + "purl": "pkg:pypi/pymongo@4.16.0.dev0" } ], "dependencies": [ { - "ref": "pkg:pypi/dnspython@2.8.0", - "dependsOn": [] + "ref": "dnspython==2.8.0" }, { - "ref": "pkg:pypi/pymongo@latest", "dependsOn": [ - "pkg:pypi/dnspython@2.8.0" + "dnspython==2.8.0" + ], + "ref": "pymongo==4.16.0.dev0" + } + ], + "metadata": { + "timestamp": "2025-11-24T16:21:47.249880+00:00", + "tools": { + "components": [ + { + "description": "CycloneDX Software Bill of Materials (SBOM) generator for Python projects and environments", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-bom/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-bom-tool.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python/" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python/#readme" + } + ], + "group": "CycloneDX", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "name": "cyclonedx-py", + "type": "application", + "version": "7.2.1" + }, + { + "description": "Python library for CycloneDX", + "externalReferences": [ + { + "type": "build-system", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions" + }, + { + "type": "distribution", + "url": "https://pypi.org/project/cyclonedx-python-lib/" + }, + { + "type": "documentation", + "url": "https://cyclonedx-python-library.readthedocs.io/" + }, + { + "type": "issue-tracker", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues" + }, + { + "type": "license", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE" + }, + { + "type": "release-notes", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md" + }, + { + "type": "vcs", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib" + }, + { + "type": "website", + "url": "https://github.com/CycloneDX/cyclonedx-python-lib/#readme" + } + ], + "group": "CycloneDX", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "name": "cyclonedx-python-lib", + "type": "library", + "version": "11.5.0" + } ] } - ] -} \ No newline at end of file + }, + "serialNumber": "urn:uuid:7a19d697-d41e-4e88-b953-4bccb5d79937", + "version": 1, + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5" +}